New service enables secure resource-sharing among institutions and providers over Internet

Share

Comment

CAMBRIDGE, Mass., November 17, 1999 -- The Corporation for Research and Educational Networking (CREN) and the Massachusetts Institute of Technology (MIT) announced today a significant development in Internet technology service that supports secure resource-sharing among institutions. The two organizations are launching a new, top-level Certificate Authority Service offered to institutions of higher education by CREN, with MIT's technical support, which reviews, validates, and issues digital certificates that campuses use for secure transactions over the Internet.

In making the announcement, Ira Fuchs, President and CEO of CREN, as well as Vice President for Computing and Information Technology at Princeton, said, "I am delighted that CREN is taking a leadership role in launching this service today. Supporting resource-sharing among institutions of higher education will enable students, faculty, and staff to make significant advances in their teaching and research over the Internet."

An essential part of the current infrastructure for conducting secure transactions over the World Wide Web, digital certificates verify both the authenticity of the sender of an electronic message and the integrity of that message, signaling to the recipient that it has not been altered.

Serving as the trusted third-party for institutions and resource providers, the new certificate authority service will issue institutional certificates, allowing individuals at CREN subscriber institutions to share online information and electronic resources in a cryptographically secure environment. By digitally signing the certificates issued by campus authorities, the service eliminates the need for each organization to establish secure relationships with every other institution on a case-by-case basis. Users at different institutions will be able to automatically verify the authenticity of the certificates they receive from each other's sites, simply by configuring their browser software for CREN's top-level certificate authority. This will facilitate inter-institutional relationships and support authenticated access to online information resources such as specialized databases and digital information resources. The service was developed at MIT, which served as one of three pilot institutions, along with Georgia Institute of Technology and Princeton University.

To initiate the new certificate authority service, network security expert Jeff Schiller, Manager of Network Services at MIT, and principal architect of this service, will generate an initial CREN "key" or root certificate, "cut" a private key, and generate one institutional certificate for each of the three pilot institutions. Once an institution has completed a process of authority registration with CREN, MIT will handle the certificate issuance process, reviewing each request for a certificate and then, if valid, issuing another certificate to the institution. In addition to providing the technical operations for the service, MIT's Network Operations Team is also developing software to automate the technically painstaking process which involves numerous steps for the proper exchange of certificates and activation of hardware.

MIT's Assistant Provost and Director of Academic Computing, M.S. Vijay Kumar commented, "Extending the concept of secure transactions from within institutions to across institutions, the CREN certificate authority takes us one step closer to building and accessing a richer repository of shared resources and collaborations."

One content provider who will be using the new service is the Journal Storage Project or JSTOR, a not-for-profit organization that is building a searchable digital database with the complete backfiles of academic journals. Spencer Thomas, JSTOR's Technical Coordinator, said, "As a trusted member of the academic community, CREN offers a reliable and affordable solution for authorizing digital certificates. Providing remote access to scholarly resources is one of the more vexing problems facing both users and providers of electronic information at colleges and universities. JSTOR is extremely pleased to participate in this important initiative."

Another endorsement of the service came from Ken Klingenstein, Director of Information Technology Services, University of Colorado at Boulder, and Middleware Project Director of UCAID (University Corporation for Advanced Internet Development), the organization responsible for Internet2. "This is an important step towards building a national interoperable higher education security infrastructure," stated Klingenstein. "With the CREN certificate authority mechanism as an anchor, we can begin the substantive work of establishing trust relationships within our community and enabling new institutional resource-sharing. Many agendas will be advanced with this deployment."

============================================

About CREN: Established in 1984, CREN is a non-profit member organization that supports the technical and practical information needs and tools of networking and information technology professionals. Current members number over 225, and range from small, private institutions such as Smith College to large public institutions such as the University of Wisconsin. URL: http://www.cren.net.

About MIT: The Massachusetts Institute of Technology is one of the world's preeminent research universities, dedicated to advancing knowledge and educating students in science, technology, and other areas of scholarship that will best serve the nation and the world in the 21st century. It is known for rigorous academic programs, cutting-edge research, a diverse campus community, and its longstanding commitment to working with the public and private sectors to bring new knowledge to bear on the world's great challenges. URL: http://web.mit.edu.